CVE-2022-49089

IB/rdmavt: add lock to call to rvt_error_qp to prevent a race condition

Description

In the Linux kernel, the following vulnerability has been resolved: IB/rdmavt: add lock to call to rvt_error_qp to prevent a race condition The documentation of the function rvt_error_qp says both r_lock and s_lock need to be held when calling that function. It also asserts using lockdep that both of those locks are held. However, the commit I referenced in Fixes accidentally makes the call to rvt_error_qp in rvt_ruc_loopback no longer covered by r_lock. This results in the lockdep assertion failing and also possibly in a race condition.

N/A
CVSS
Severity:
EPSS 0.05%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/8a50937227c385a477177c9ffa122b4230e40666
https://git.kernel.org/stable/c/43c2d7890ecabe527448a6c391fb2d9a5e6bbfe0
https://git.kernel.org/stable/c/92f1947c0d26060e978b3a9f21f32ce7c8c9cca3
https://git.kernel.org/stable/c/77ffb2495a41098f9d6a14f8aefde3188da75944
https://git.kernel.org/stable/c/57800cc36e55db0547461c49acf5cd84c0f502b0
https://git.kernel.org/stable/c/4d809f69695d4e7d1378b3a072fa9aef23123018

Frequently Asked Questions

What is the severity of CVE-2022-49089?
CVE-2022-49089 has not yet been assigned a CVSS score.
How to fix CVE-2022-49089?
To fix CVE-2022-49089, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-49089 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-49089 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-49089?
CVE-2022-49089 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.